gafgyt | 0c6057a83298d512a915f1cba85d4ae39c3e0efa35770ce54c59bb0983cbc5c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4aea5a91fbf8d219f506c1f7053fb193
Size

89KB
Sample

231219-25myeaeab2
MD5

4aea5a91fbf8d219f506c1f7053fb193
SHA1

46cddd7a820a5aa4051ee5259a11044625f87d7b
SHA256

0c6057a83298d512a915f1cba85d4ae39c3e0efa35770ce54c59bb0983cbc5c5
SHA512

2b890944fb371f7ca4dbc735c3855deb43cc7f3d99b67d2a3e2b6335840242d2d59c0ae4ccbf3702746597eb81d84fa9b885c76b32461864c243e14803a7b643
SSDEEP

1536:UD4cnwsetnH3KjgrpWpMNKku7Ta34T2ANud7EgMatutc4ROG7gnqc:0xAH3ov2NKku7Tae2Qgxstc4kG7gnqc

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

199.38.243.9:23

Targets

- Target
  
  4aea5a91fbf8d219f506c1f7053fb193
- Size
  
  89KB
- MD5
  
  4aea5a91fbf8d219f506c1f7053fb193
- SHA1
  
  46cddd7a820a5aa4051ee5259a11044625f87d7b
- SHA256
  
  0c6057a83298d512a915f1cba85d4ae39c3e0efa35770ce54c59bb0983cbc5c5
- SHA512
  
  2b890944fb371f7ca4dbc735c3855deb43cc7f3d99b67d2a3e2b6335840242d2d59c0ae4ccbf3702746597eb81d84fa9b885c76b32461864c243e14803a7b643
- SSDEEP
  
  1536:UD4cnwsetnH3KjgrpWpMNKku7Ta34T2ANud7EgMatutc4ROG7gnqc:0xAH3ov2NKku7Tae2Qgxstc4kG7gnqc
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1